search cancel

Filereader will not start on Linux Detection Server

book

Article ID: 163858

calendar_today

Updated On:

Products

Data Loss Prevention Network Discover

Issue/Introduction

FileReader will not start on new Linux Servers or Servers that have been upgraded. Content Extraction Engine cannot start.

Oct 10, 2016 6:06:40 PM com.vontu.cracker.jni.NativeContentExtractionEngine create
SEVERE: [1871685376] Handshake failed with CE host., Exception thrown from : HostManager.cpp(106) HostManager.cpp 131
Oct 10, 2016 6:06:40 PM com.vontu.cracker.jni.NativeContentExtractionEngine create
SEVERE: [1871685376] Exception caught during starting up host manager. ContentExtractionEngineImpl.cpp 53
Oct 10, 2016 6:06:40 PM com.vontu.messaging.FileReaderSetup initialize
SEVERE: (DETECTION.3) Failed to initialize Detection
com.vontu.cracker.jni.NativeException: Failed to start Engine
        at com.vontu.cracker.jni.NativeContentExtractionEngine.create(Native Method)
        at com.vontu.cracker.jni.NativeContentExtractionEngine.<init>(NativeContentExtractionEngine.java:37)
        at com.vontu.cracker.jni.EngineContext.<init>(EngineContext.java:12)
        at com.vontu.cracker.NativeExtractionEngine.<init>(NativeExtractionEngine.java:31)
        at com.vontu.cracker.NativeExtractionEngine.<init>(NativeExtractionEngine.java:16)
        at com.vontu.detection.ExtractionEngineFactoryLoader.loadExtractorFactory(ExtractionEngineFactoryLoader.java:12)
        at com.vontu.messaging.FileReader.initializeContentExtractionServices(FileReader.java:491)
        at com.vontu.messaging.FileReader.initializeContentExtractionServices(FileReader.java:463)
        at com.vontu.messaging.FileReader.start(FileReader.java:308)
        at com.vontu.messaging.FileReaderSetup.initialize(FileReaderSetup.java:83)
        at com.vontu.messaging.FileReader.main(FileReader.java:233)
Oct 10, 2016 6:06:40 PM com.vontu.logging.LocalLogWriter write
SEVERE: File Reader failed to start. Error starting File Reader. Failed to start Engine No incidents will be detected.

Environment

RHEL Linux Servers  6.x or the newer 7.x  versions.
 

Cause

Content Extraction Engine Cannot Start,  FileReader then fails to start.

Resolution

  1. To get  a more detailed error message on why the content extraction engine cannot start we will launch it manually as the “protect”  Linux user.
  2. Sudo into the protect Linux user  with  command  su  -  protect
  3. Navigate to the  content extraction engine default path: /opt/SymantecDLP/Protect/lib/native folder.
  4. Run the content extraction engine manually with the  ./ceh   command as protect user.
  5. The content extraction engine will throw a more detailed error on why it cannot start,  90% of the time it is missing a library or  .so  file,  it will tell you which one.
  6. You will have to then install the  RPM that contains the missing library,  once this is done run the   ./ceh command again,   and if it returns a blank screen without any errors, it has loaded correctly and is ready to run.
  7.  You may start the VontuMonitor service now on the detection server and monitor the Filereader log when starting with the    >   tail-f  /var/log/SymantecDLP/debug/FileReader0.log  file command.